CA3071288C - Firmware integrity check using silver measurements - Google Patents

Firmware integrity check using silver measurements Download PDF

Info

Publication number
CA3071288C
CA3071288C CA3071288A CA3071288A CA3071288C CA 3071288 C CA3071288 C CA 3071288C CA 3071288 A CA3071288 A CA 3071288A CA 3071288 A CA3071288 A CA 3071288A CA 3071288 C CA3071288 C CA 3071288C
Authority
CA
Canada
Prior art keywords
firmware
measurement
server
silver
electronic device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CA3071288A
Other languages
English (en)
French (fr)
Other versions
CA3071288A1 (en
Inventor
Eugene Khoruzhenko
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Absolute Software Corp
Original Assignee
Absolute Software Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Absolute Software Corp filed Critical Absolute Software Corp
Publication of CA3071288A1 publication Critical patent/CA3071288A1/en
Application granted granted Critical
Publication of CA3071288C publication Critical patent/CA3071288C/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/73Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mathematical Physics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)
CA3071288A 2017-08-22 2018-04-10 Firmware integrity check using silver measurements Active CA3071288C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US201762548815P 2017-08-22 2017-08-22
US62/548,815 2017-08-22
PCT/CA2018/050443 WO2019036795A1 (en) 2017-08-22 2018-04-10 MONITORING INTEGRITY OF A FIRMWARE USING "SILVER" MEASURES

Publications (2)

Publication Number Publication Date
CA3071288A1 CA3071288A1 (en) 2019-02-28
CA3071288C true CA3071288C (en) 2021-03-09

Family

ID=65438257

Family Applications (1)

Application Number Title Priority Date Filing Date
CA3071288A Active CA3071288C (en) 2017-08-22 2018-04-10 Firmware integrity check using silver measurements

Country Status (5)

Country Link
US (2) US11443041B2 (de)
EP (1) EP3673401B1 (de)
AU (1) AU2018321586B2 (de)
CA (1) CA3071288C (de)
WO (1) WO2019036795A1 (de)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11138315B2 (en) * 2018-01-17 2021-10-05 Hewlett Packard Enterprise Development Lp Data structure measurement comparison
US11797684B2 (en) * 2018-08-28 2023-10-24 Eclypsium, Inc. Methods and systems for hardware and firmware security monitoring
US11017090B2 (en) 2018-12-17 2021-05-25 Hewlett Packard Enterprise Development Lp Verification of a state of a platform
US11360784B2 (en) 2019-09-10 2022-06-14 Hewlett Packard Enterprise Development Lp Integrity manifest certificate
US11080039B2 (en) 2019-11-25 2021-08-03 Micron Technology, Inc. Resilient software updates in secure storage devices
US11281472B2 (en) * 2020-02-03 2022-03-22 Dell Products L.P. System and method for securing compromised information handling systems
CN111352785B (zh) * 2020-03-05 2022-12-20 苏州浪潮智能科技有限公司 一种存储服务器无版本号固件的检测方法及系统
US20240045946A1 (en) * 2020-12-11 2024-02-08 Hewlett-Packard Development Company, L.P. Devices for verifying the integrity of software
US20250227019A1 (en) * 2022-03-31 2025-07-10 Nec Corporation Network monitoring system, network monitoring method, and recording medium
US12321459B2 (en) * 2022-07-21 2025-06-03 Dell Products L.P. Automated update of a customized secure boot policy
US20240311485A1 (en) * 2023-03-17 2024-09-19 Dell Products L.P. Bios protection using agent-based validation of bios version

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1429224A1 (de) * 2002-12-10 2004-06-16 Texas Instruments Incorporated Firmware Laufzeit Authentisierung
US7159144B2 (en) * 2003-06-20 2007-01-02 Broadcom Corporation Firmware code profiling
US20050132177A1 (en) 2003-12-12 2005-06-16 International Business Machines Corporation Detecting modifications made to code placed in memory by the POST BIOS
US7725703B2 (en) 2005-01-07 2010-05-25 Microsoft Corporation Systems and methods for securely booting a computer with a trusted processing module
US7907531B2 (en) 2005-06-13 2011-03-15 Qualcomm Incorporated Apparatus and methods for managing firmware verification on a wireless device
US7870394B2 (en) 2006-05-26 2011-01-11 Symantec Corporation Method and system to scan firmware for malware
US7613872B2 (en) 2006-11-28 2009-11-03 International Business Machines Corporation Providing core root of trust measurement (CRTM) for systems using a backup copy of basic input/output system (BIOS)
KR20080090939A (ko) 2007-04-06 2008-10-09 삼성전자주식회사 펌웨어의 업데이트 파일 생성 방법, 펌웨어 업데이트파일을 이용한 업데이트 방법 및 그 장치
US9053323B2 (en) 2007-04-13 2015-06-09 Hewlett-Packard Development Company, L.P. Trusted component update system and method
KR101427646B1 (ko) 2007-05-14 2014-09-23 삼성전자주식회사 펌웨어의 무결성 검사 방법 및 장치
US8555049B2 (en) 2007-10-05 2013-10-08 Panasonic Corporation Secure boot terminal, secure boot method, secure boot program, recording medium, and integrated circuit
US8898477B2 (en) * 2007-11-12 2014-11-25 Gemalto Inc. System and method for secure firmware update of a secure token having a flash memory controller and a smart card
US20090172639A1 (en) * 2007-12-27 2009-07-02 Mahesh Natu Firmware integrity verification
DE102008011925B4 (de) 2008-02-29 2018-03-15 Globalfoundries Inc. Sicheres Initialisieren von Computersystemen
CN101247416A (zh) * 2008-03-25 2008-08-20 中兴通讯股份有限公司 基于ota的固件下载方法、预处理方法、完整性验证方法
WO2009156904A1 (en) 2008-06-27 2009-12-30 Koninklijke Philips Electronics N.V. Device, system and method for verifying the authenticity integrity and/or physical condition of an item
EP2454658A1 (de) 2009-07-16 2012-05-23 Assa Abloy Ab Blindüberprüfung einer computer-firmware
US8869264B2 (en) 2010-10-01 2014-10-21 International Business Machines Corporation Attesting a component of a system during a boot process
US8856771B2 (en) 2011-08-19 2014-10-07 International Business Machines Corporation Protection for unauthorized firmware and software upgrades to consumer electronic devices
US9081954B2 (en) 2011-09-07 2015-07-14 Intel Corporation Verifying firmware integrity of a device
US9262637B2 (en) 2012-03-29 2016-02-16 Cisco Technology, Inc. System and method for verifying integrity of platform object using locally stored measurement
US9027125B2 (en) 2012-05-01 2015-05-05 Taasera, Inc. Systems and methods for network flow remediation based on risk correlation
US9189225B2 (en) * 2012-10-16 2015-11-17 Imprivata, Inc. Secure, non-disruptive firmware updating
US9910659B2 (en) * 2012-11-07 2018-03-06 Qualcomm Incorporated Methods for providing anti-rollback protection of a firmware version in a device which has no internal non-volatile memory
US9471536B1 (en) 2012-12-06 2016-10-18 Amazon Technologies, Inc. Automated firmware settings management
US9870474B2 (en) 2013-04-08 2018-01-16 Insyde Software Corp. Detection of secure variable alteration in a computing device equipped with unified extensible firmware interface (UEFI)-compliant firmware
US9578052B2 (en) * 2013-10-24 2017-02-21 Mcafee, Inc. Agent assisted malicious application blocking in a network environment
US9753796B2 (en) 2013-12-06 2017-09-05 Lookout, Inc. Distributed monitoring, evaluation, and response for multiple devices
US10026090B2 (en) * 2013-12-09 2018-07-17 CrowdCare Corporation System and method of creating and using a reference device profile
US9317691B2 (en) 2014-05-08 2016-04-19 Dell Products L.P. Pre-boot software verification
US10395032B2 (en) 2014-10-03 2019-08-27 Nokomis, Inc. Detection of malicious software, firmware, IP cores and circuitry via unintended emissions
US20160188879A1 (en) * 2014-07-25 2016-06-30 Trenchware, Inc. Detection and remediation of malware with firmware of devices
US10042693B2 (en) * 2016-07-12 2018-08-07 Infineon Technologies Ag Diverse integrated processing using processors and diverse firmware
US10489136B2 (en) * 2017-04-27 2019-11-26 Quanta Computer Inc. Automatic firmware and custom setting provision for server device
US11455396B2 (en) * 2017-05-12 2022-09-27 Hewlett Packard Enterprise Development Lp Using trusted platform module (TPM) emulator engines to measure firmware images

Also Published As

Publication number Publication date
US20200364340A1 (en) 2020-11-19
EP3673401A4 (de) 2021-04-14
EP3673401B1 (de) 2025-09-10
CA3071288A1 (en) 2019-02-28
WO2019036795A1 (en) 2019-02-28
AU2018321586A1 (en) 2020-01-30
US11443041B2 (en) 2022-09-13
EP3673401A1 (de) 2020-07-01
AU2018321586B2 (en) 2023-03-09
US20230004648A1 (en) 2023-01-05

Similar Documents

Publication Publication Date Title
US20230004648A1 (en) Firmware Integrity Check Using Silver Measurements
US11520894B2 (en) Verifying controller code
Xu et al. Dominance as a new trusted computing primitive for the internet of things
CN108027860B (zh) 用于进行异常检测的硬化事件计数器
US9607156B2 (en) System and method for patching a device through exploitation
US10474819B2 (en) Methods and systems for maintaining a sandbox for use in malware detection
Mutti et al. Baredroid: Large-scale analysis of android apps on real devices
US9349009B2 (en) Method and apparatus for firmware based system security, integrity, and restoration
US10194321B2 (en) Periodic mobile forensics
US8490189B2 (en) Using chipset-based protected firmware for host software tamper detection and protection
US8028172B2 (en) Systems and methods for updating a secure boot process on a computer with a hardware security module
US7853804B2 (en) System and method for secure data disposal
US20200272739A1 (en) Performing an action based on a pre-boot measurement of a firmware image
Han et al. A bad dream: Subverting trusted platform module while you are sleeping
US9245122B1 (en) Anti-malware support for firmware
US8819330B1 (en) System and method for updating a locally stored recovery image
US8838952B2 (en) Information processing apparatus with secure boot capability capable of verification of configuration change
CN110245495A (zh) Bios校验方法、配置方法、设备及系统
US10122739B2 (en) Rootkit detection system and method
US10019577B2 (en) Hardware hardened advanced threat protection
US9779248B1 (en) Protection of secured boot secrets for operating system reboot
WO2025139716A1 (zh) 固件的执行方法和装置、系统、存储介质及电子装置
US20240037242A1 (en) Intelligent pre-boot indicators of vulnerability
US20200244461A1 (en) Data Processing Method and Apparatus
US12353557B2 (en) Generating alerts for unexpected kernel modules

Legal Events

Date Code Title Description
EEER Examination request

Effective date: 20200825